Who We Are
WAPLO ("we", "us", "our") is a WhatsApp Business Automation SaaS platform operated by WAPLO Technologies. Our platform enables businesses to automate customer communication, orders, bookings, and marketing via the WhatsApp Business API.
Our services are available globally with primary operations serving India, USA, UK, UAE, Canada, Europe, Singapore, and Australia.
Data Controller: WAPLO Technologies
Website: waplo.io
Email: privacy@waplo.io
Information We Collect
We collect two types of data: data from business owners (our subscribers) and data from end customers (who interact with businesses via WhatsApp).
| Data Type | What We Collect | Source |
|---|---|---|
| Account Data | Business name, owner name, email, phone number, business type, address | Registration form |
| Payment Data | Billing info, subscription plan — card details handled by Razorpay/Stripe | Payment gateway |
| WhatsApp Data | Messages sent/received via your WhatsApp Business number, customer phone numbers, conversation history | Meta WhatsApp API |
| Customer Data | End-customer names, phone numbers, order/booking history, loyalty points | WhatsApp conversations |
| Usage Data | Dashboard interactions, feature usage, login times, IP address, browser type | Automatically collected |
| AI Data | Conversation context sent to OpenAI for AI response generation | OpenAI API |
How We Use Your Data
- Providing and operating the WAPLO automation platform
- Processing WhatsApp messages and triggering automated workflows
- Generating AI responses via OpenAI GPT-4o-mini
- Managing customer CRM, loyalty points, and conversation history
- Sending broadcast marketing campaigns on your behalf
- Processing subscription payments and managing billing
- Sending platform notifications, alerts, and follow-up automations
- Improving our platform features and fixing bugs
- Complying with legal obligations (IT Act, GDPR, DPDP 2023)
- Preventing fraud, abuse, and unauthorized access
Data Sharing & Third Parties
We do not sell your personal data. We share data only with trusted service providers required to operate WAPLO:
| Partner | Purpose | Data Shared |
|---|---|---|
| Meta (WhatsApp) | Message delivery via WhatsApp Business API | Message content, phone numbers |
| OpenAI | AI response generation | Conversation context (anonymized where possible) |
| Razorpay | India payment processing | Billing info (no card data stored by us) |
| Stripe | Global payment processing | Billing info (no card data stored by us) |
| Hostinger | Web hosting & database | Website data, MySQL database |
| Google Analytics | Website analytics | Anonymous usage data |
We may also disclose data when required by law, court order, or government authority.
WhatsApp & Meta Data
WAPLO uses the official Meta WhatsApp Business API. By using our platform, you agree to Meta's WhatsApp Business Terms of Service and Acceptable Use Policy in addition to this policy.
- All WhatsApp messages are processed through Meta's official API
- We store message history in our secure MySQL database for automation purposes
- Every broadcast message includes an opt-out option (reply STOP)
- We only message customers who have opted in or initiated contact
- You are responsible for obtaining consent from your end customers before messaging them
- We comply with Meta's 24-hour messaging window policy
Data Storage & Security
Your data is stored on secure servers with the following protections:
- MySQL database hosted on Hostinger (enterprise-grade security)
- VPS with Ubuntu 24.04 and Docker isolation
- SSL/TLS encryption for all data in transit (HTTPS)
- Password hashing (bcrypt) for all user credentials
- IP-restricted database access
- Regular automated backups
- API keys encrypted and stored securely in n8n credentials vault
Data is retained for the duration of your subscription plus 30 days after cancellation, after which it is permanently deleted upon request. Legal compliance data may be retained for up to 7 years as required by applicable law.
Your Rights
Depending on your location, you have the following rights regarding your personal data:
| Right | Description | Applicable Law |
|---|---|---|
| Access | Request a copy of all data we hold about you | GDPR, DPDP, CCPA |
| Correction | Fix inaccurate or incomplete data | All |
| Deletion | Request deletion of your personal data ("right to be forgotten") | GDPR, DPDP |
| Portability | Receive your data in a machine-readable format | GDPR |
| Objection | Object to processing based on legitimate interest | GDPR |
| Opt-out | Unsubscribe from marketing messages anytime (reply STOP) | All |
| Withdraw Consent | Withdraw consent at any time without affecting prior processing | GDPR, DPDP |
To exercise any right, email us at privacy@waplo.io. We respond within 30 days (GDPR) or 72 hours for urgent requests.
Cookies
Our website (waplo.io) and dashboard use cookies for:
- Essential Cookies: Login sessions, security tokens — cannot be disabled
- Analytics Cookies: Google Analytics for usage stats — can be disabled
- Preference Cookies: Dashboard settings, language preferences
You can manage cookie preferences in your browser settings. Disabling essential cookies will prevent platform login.
Children's Privacy
WAPLO is a business platform intended for use by businesses and adults aged 18 and above. We do not knowingly collect personal data from individuals under 18 years of age.
If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@waplo.io and we will delete it promptly.
International Data Transfers
As a global platform, data may be transferred across borders. We ensure appropriate safeguards:
- EU/UK data transfers comply with Standard Contractual Clauses (SCCs)
- OpenAI (USA) — data processing agreement in place
- Meta (USA) — Meta's data transfer mechanisms apply
- Indian data processed in compliance with DPDP Act 2023
Policy Updates
We may update this Privacy Policy periodically. When we make significant changes, we will:
- Update the "Last Updated" date at the top of this page
- Send an email notification to all registered business owners
- Display an in-dashboard notification for 14 days
Continued use of WAPLO after policy updates constitutes acceptance of the revised policy.
Contact Us
For any privacy-related questions, requests, or complaints:
Data Protection Officer
🌐 waplo.io
⏱️ Response time: Within 30 days (GDPR) | 48 hours (India)
If you are an EU/UK resident and believe we have not handled your complaint satisfactorily, you have the right to lodge a complaint with your local data protection authority.